Thanks, but what do people use in addition to OpenVAS?
OpenVAS didn’t catch any of the first things I tried on Windows 7: A non-Admin user in the backup group (thereby easily gaining access to everybody’s files); A non-Admin user having permission to access Event logs; Didn’t check that UAC was set to Never Notify; Didn’t appear to check Local Policies -> Security Options such as “Domain member: Digitally sign secure channel data” or “Network access: Let everyone permissions apply to anonymous users” A non-standard hidden file executed by Task Scheduler. The following were only logged and not considered a vulnerability: Telnet active (it only logged “Detect Server type and version via Telnet”); A user share open to everybody. These are just the first ones I tried, other than OS updates it didn’t catch anything I tried, I suspect I can find many more. paul From: Brandon Perry [mailto:[email protected]] Sent: Thursday, September 17, 2015 9:57 AM To: Paul J <[email protected]> Cc: openvas-discuss <[email protected]> Subject: Re: [Openvas-discuss] OpenVAS supplement? There's no such thing as the ultimate tool. The purpose of Metasploit is totally different than OpenVAS/Nexpose/Nessus/Qualys. What vulns is OpenVAS missing? On Thu, Sep 17, 2015 at 10:40 AM, Paul J <[email protected] <mailto:[email protected]> > wrote: Do people believe that OpenVAS is the ultimate tool? Or should other tools be used as well? For example, if you’re using OpenVAS, should you also be using Metasploit? Are there other tools that are good complements to OpenVAS? The main reason I’m asking is that it’s not too hard to find vulnerabilities that OpenVAS doesn’t report for both Windows and Linux. paul _______________________________________________ Openvas-discuss mailing list [email protected] <mailto:[email protected]> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
